Wednesday Tidbit: Make sure your vRA directory attributes are correct

Earlier this week I had an issue in vRealize Automation where logged-on usernames were being displayed incorrectly. At first I hoped it was just a cosmetic issue, but as I delved deeper it appeared to be a little more than that, and could be an issue for both users and developers.

When users logged into the development environment, their names appeared as the full UPN in the top right corner. Whilst this is fine, it also appended the user’s AD domain twice when provisioning resources. This could also be seen when looking at the user’s account:

Cosmetically this looked bad, and the customer was concerned this would confuse their users. Together with this, when developers needed to login to CloudClient, they were forced to use user@domain.com@domain.com, which is far from ideal:

Yeah, that ain’t good

The cause for this is the Active Directory search attribute you choose to map as the VMware Identity Manager user. When the development environment was setup, UserPrincipalName was chose instead of the sAMAccountName. Unfortunately once configured, vIDM doesn’t allow you to change this (despite it being a dropdown box suggesting you can). The only solution was to delete and recreate the directory – this time choosing sAMAccountName as the Directory Search Attribute:

Once configured correctly, usernames displayed correctly in requests and elsewhere in the GUI, and the proper format can be used to login into CloudClient:

For a development or test environment, removing and re-adding the directory is possible. However for a full-blown large scale deployment affecting thousands of users, this is less than desirable. Therefore you may want to ensure you configure it correctly first time around.